New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
27 February 2024
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.
"It's possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted